[redhat-lspp] LSPP Development Telecon 04/10/2006 Minutes

Chad Hanson chanson at TrustedCS.com
Mon Apr 17 17:31:12 UTC 2006


> 
> When "jdoe" needs to do administrative actions, he uses "su" to change to
> root. This prompts for the root password. (Alternatively, use "sudo bash"
> which would prompt for the user's current password). The new shell
> defaults to the "audadm_r" role since that's the only authorized role for
> this user.
> 
> For a different user "cnorris" who is authorized for all of the sysadm_r,
> secadm_r, and audadm_r roles, you would declare one of these to be the
> default role (probably sysadm_r), and the user can switch among the
> authorized roles (after "su") using "newrole -r". Alternatively, a "-r
> ROLE" switch to "su" or "sudo" would be nice.
> 

We dropped the context changing from "su" because it was changing MLS levels
along with the role/type changes. The MLS level changing is definitely not
desired in this procedure. 

-Chad
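
The distinction drawn in the reply above, as an added example that is not part of the original message or of any LSPP code: a role switch that rewrites only the role and type fields of a context and carries the MLS level over, plus a check that flags a transition whose level differs. The sample contexts, the staff_u user field, the AUTHORIZED table and the rule that a role "x_r" maps to domain "x_t" are assumptions made for illustration.

```python
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str  # MLS level or range, e.g. "s2:c1,c5"

# Constructed table using the two users and three roles named in the thread.
AUTHORIZED = {
    "jdoe": {"audadm_r"},
    "cnorris": {"sysadm_r", "secadm_r", "audadm_r"},
}

def parse_context(text):
    # The level may itself contain ':' before its categories,
    # so split on the first three separators only.
    parts = text.strip().split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError("not a full MLS context: %r" % text)
    return Context(*parts)

def switch_role(ctx, new_role, authorized):
    """Return ctx with role and type changed and the MLS level untouched."""
    if new_role not in authorized:
        raise PermissionError("role %s is not authorized" % new_role)
    # Assumption: the default domain for role x_r is x_t.
    stem = new_role[:-2] if new_role.endswith("_r") else new_role
    return ctx._replace(role=new_role, type=stem + "_t")

def changed_fields(before, after):
    """Names of the context fields that differ between two contexts."""
    return [f for f in Context._fields if getattr(before, f) != getattr(after, f)]

def level_preserved(before_text, after_text):
    """True when a transition left the MLS level exactly as it was."""
    return parse_context(before_text).level == parse_context(after_text).level

if __name__ == "__main__":
    start = parse_context("staff_u:sysadm_r:sysadm_t:s2:c1,c5")  # constructed
    after = switch_role(start, "secadm_r", AUTHORIZED["cnorris"])
    print(":".join(after), "changed:", changed_fields(start, after))
    # A transition that also resets the level, the behaviour the reply rejects:
    print(level_preserved(":".join(start), "staff_u:secadm_r:secadm_t:s0"))
```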
